[Snort-devel] now a crash in spp_tcp_stream3

Eugene Tsyrklevich eugene at ...223...
Tue May 15 13:28:13 EDT 2001


values 0x16 and 0x22 mean that you are dereferencing a NULL/invalid pointer


On Tue, May 15, 2001 at 12:09:54PM -0500, Steve Halligan wrote:
> I got it again, the number is 1441792 (oddly that is 0x160000)
> 
> > > The saga continues, I still have it sitting in gdb if anyone needs more data.
> > > CVS from 30 min ago:
> > > Program received signal SIGSEGV, Segmentation fault.
> > > TcpStream3FillBuffer (sptr=0x5a5800, buf=0x5b103c "", psize=20000, server=1) at spp_tcp_stream3.c:1391
> > > 1391        first_seq = pdata->seq;
> > > 
> > It appears to me that something nasty is getting in sptr->s_data->seq.
> > This seg fault happens when server=1 so pdata=sptr->s_data.  If I print
> > sptr->s_data->seq after the crash it has been an unusually low value
> > (14????? (I forget the actual number), and 22 in another case).  Any
> > thoughts?
> > -Steve



